New Update Microsoft Office update breaks actively exploited RCE attack chain

Gandalf_The_Grey

Gandalf_The_Grey

Level 83
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 24, 2016
7,232
Microsoft today released a defense-in-depth update for Microsoft Office that prevents exploitation of a remote code execution (RCE) vulnerability tracked as CVE-2023-36884 that threat actors have already leveraged in attacks.

In today's Microsoft August Patch Tuesday, the update helps fix CVE-2023-36884, a security issue disclosed in July, which Microsoft did not patch at the time but provided mitigation advice.

Initially, the bug was reported as an RCE in Microsoft Office, but further review led to classifying it as a Windows Search remote code execution.

Hackers exploited the vulnerability as a zero-day to execute code remotely using malicious Microsoft Office documents in attacks from the RomCom threat group for financial and espionage purposes.
Click to expand...
www.bleepingcomputer.com

Microsoft Office update breaks actively exploited RCE attack chain

Microsoft today released a defense-in-depth update for Microsoft Office that prevents exploitation of a remote code execution (RCE) vulnerability tracked as CVE-2023-36884 that threat actors have already leveraged in attacks.
www.bleepingcomputer.com www.bleepingcomputer.com
 
  • +Reputation
  • Like
Reactions: vtqhtr413, silversurfer, Andy Ful and 3 others

Similar threads

lokamoka820
    • Like
    • Thanks
    • Hundred Points
New Update Microsoft Office 2024 Is Almost Here
Replies
5
Views
491
Office, email and business apps
lokamoka820
lokamoka820
Gandalf_The_Grey
    • Like
    • Thanks
Security News South Korean hackers exploited WPS Office zero-day to deploy malware
Replies
4
Views
2,371
Security News
cartaphilus
cartaphilus
Gandalf_The_Grey
Security News D-Link says it is not fixing four RCE flaws in DIR-846W routers
Replies
0
Views
1,777
Security News
Gandalf_The_Grey
Gandalf_The_Grey

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top